SecDevOps Engineer (Mid-Level 3)

Knox Systems, Washington, DC

About The Position

The SecDevOps Engineer designs, automates, and maintains Knox’s secure cloud infrastructure and CI/CD pipelines across AWS, Azure, and GCP within our FedRAMP-authorized, multi-tenant boundaries. Day-to-day, the work centers on Zero Trust access, continuous monitoring, cloud security posture, and observability — keeping secure, compliant, and repeatable operations running across federal cloud environments. The ideal candidate combines hands-on cloud architecture experience, automation expertise, and a deep security-operations mindset. This role bridges the gap between core cloud engineering and rigorous federal compliance, embedding security controls directly into the deployment fabric using Infrastructure as Code (IaC) and Policy-as-Code frameworks.

Requirements

  • 3–5 years of dedicated professional experience in SecDevOps, Cloud Security Engineering, DevOps, or Platform Engineering.
  • Hands-on production experience with at least one major hyperscaler (AWS preferred), with functional exposure to Azure and/or GCP environments.
  • High proficiency in Terraform and robust scripting capabilities (Python, Bash, or PowerShell); familiarity with Ansible is preferred.
  • Practical experience managing enterprise identity/access tooling (Okta, Entra ID) and secrets management platforms (HashiCorp Vault, AWS KMS, or Azure Key Vault).
  • Familiarity operating endpoint protection (EDR), cloud security posture management (CSPM), or vulnerability scanning platforms (e.g., CrowdStrike, Wiz, Qualys).
  • Experience building, configuring, and troubleshooting containerized environments (Docker, Kubernetes).
  • A strong conceptual or practical understanding of FedRAMP, NIST 800-53, or SOC 2 compliance frameworks.
  • U.S. citizenship. Dual citizenship is not permitted for this role. Candidates must be able to provide documentation verifying sole U.S. citizenship status as part of the background check process.

Nice To Haves

  • HashiCorp Certified: Terraform Associate
  • AWS Certified SysOps Administrator or Solutions Architect (Associate)
  • CompTIA Security+ or equivalent security credential
  • Microsoft Certified: Azure Administrator Associate

Responsibilities

  • Support and operate Zero Trust Network Access (Zscaler ZPA / PRA) architectures including app connectors, privileged remote access, and private application access boundaries.
  • Manage privileged credentials, API tokens, and secrets lifecycle using HashiCorp Vault, establishing automated credential flows and programmatic rotation.
  • Integrate and maintain federated identity providers (Okta, Azure AD / Entra ID, AWS IAM Identity Center) and actively support ongoing multi-cloud identity migrations.
  • Enforce strict least-privilege access models and machine-to-machine credential rotation policies across all automation systems.
  • Build and manage multi-tenant infrastructure across AWS, Azure, and GCP using Infrastructure as Code (Terraform primary; Ansible and CloudFormation as needed).
  • Automate end-to-end provisioning, configuration management, and environment deployment workflows via secure CI/CD and GitOps paradigms.
  • Manage cloud networking, IAM topologies, and security group configurations tailored strictly to FedRAMP controls and Impact Level 4 (IL4) boundaries.
  • Develop and maintain secure CI/CD pipelines utilizing GitHub Actions, GitLab CI, Azure DevOps, or Jenkins.
  • Integrate Policy-as-Code frameworks (OPA, HashiCorp Sentinel, or Azure Policy) into pipeline gates to enforce organizational compliance before infrastructure provisioning.
  • Embed automated static application security testing (SAST), software composition analysis (SCA), and container vulnerability scans into active deployment workflows.
  • Build, deploy, and troubleshoot containerized workloads within managed Kubernetes environments (EKS, AKS, GKE) using Helm, ArgoCD, or Kustomize.
  • Support FedRAMP Continuous Monitoring (ConMon) cycles, managing incident tickets, Plan of Action and Milestones (POA&M) tracking, and technical remediation follow-through.
  • Maintain IaC, pipeline architectures, and operating configurations compliant with FedRAMP and NIST 800-53 standards.
  • Automate programmatic audit evidence generation for specific control requirements, including CM-2 (Baseline Configurations), CM-6 (Configuration Settings), AU-2 (Event Logging), and SC-12 (Cryptographic Key Establishment and Management).
  • Participate in formal enterprise change management processes via ServiceNow, preparing documentation for Technical Change Reviews and Change Advisory Board (CAB/eCAB) workflows.
  • Deploy and maintain centralized dashboards, alert definitions, log aggregation, and metrics/APM architectures using Grafana, Prometheus, or cloud-native tooling.
  • Define, track, and report on Service Level Indicators (SLIs) and Service Level Objectives (SLOs) for critical secure services.
  • Participate in the team's operational on-call rotation (PagerDuty), driving rapid incident resolution, root-cause analyses, and P1 war room execution.

Benefits

  • Medical
  • Dental
  • Vision
  • Life & Disability
  • Unlimited PEO
  • Employee-funded 401k plan